On 25 January 2019 the Cyberspace Administration of China, the Ministry of Industry and Information Technology, the Ministry of Public Security and the State Administration for Market Regulation announced that they had launched a campaign to stop apps from unlawfully collecting and processing personal data.

The announcement sets out the obligations of various parties with regard to the collection and processing of personal data:

  • App operators must implement effective measures to strengthen the protection of personal data, as provided for in the Cybersecurity Law.
  • The National Information Security Standardisation Technical Committee, the China Consumers Association, the Internet Society of China and the Cybersecurity Association of China are authorised to formulate specifications for:
    • the basic business functions of, and data required by, popular apps; and
    • regulating and assessing the unlawful collection and processing of personal data by apps.
  • The relevant competent authorities will penalise apps which unlawfully collect and process data under the law. Administrative penalties include:
    • orders of rectification within a prescribed timeframe;
    • publication of the unlawful act;
    • the suspension of related business activities;
    • the shutdown of an app for rectification; and
    • the revocation of related permits or business licences.
  • Public security organs must crack down on criminal acts relating to the unlawful collection and processing of personal data.

In addition, app operators are encouraged to have their apps certified, and search engines and app stores are encouraged to identify and recommend certified apps.

This article was first published by the International Law Office, a premium online legal update service for major companies and law firms worldwide. Register for a free subscription.